cycle1

Honorary Members

View Profile See their activity

Posts
26
Joined
September 23, 2012
Last visited
October 17, 2012

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by cycle1

Can't completely remove a virus

cycle1 replied to cycle1's topic in Resolved Malware Removal Logs

Is there anything I should do while waiting for a response?
- October 17, 2012
- 52 replies
Can't completely remove a virus

cycle1 replied to cycle1's topic in Resolved Malware Removal Logs

I'm still unable to update Malwarebytes after running the two programs from before. Should I try something else?
- October 12, 2012
- 52 replies
Can't completely remove a virus

cycle1 replied to cycle1's topic in Resolved Malware Removal Logs

I ran both programs, and below are their respective log files: MiniToolBox by Farbar Version: 23-07-2012 Ran by David (administrator) on 12-10-2012 at 09:00:56 Microsoft Windows XP Professional Service Pack 3 (X86) Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========================= IE Proxy Settings: ============================== Proxy is not enabled. No Proxy Server is set. "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= Hosts content: ================================= 127.0.0.1 localhost ========================= IP Configuration: ================================ Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Disconnected) 1394 Net Adapter = 1394 Connection (Disconnected) Intel® PRO/Wireless 2200BG Network Connection = Wireless Network Connection (Connected) # ---------------------------------- # Interface IP Configuration # ---------------------------------- pushd interface ip # Interface IP Configuration for "Wireless Network Connection" set address name="Wireless Network Connection" source=dhcp set dns name="Wireless Network Connection" source=dhcp register=PRIMARY set wins name="Wireless Network Connection" source=dhcp popd # End of interface IP configuration Windows IP Configuration Host Name . . . . . . . . . . . . : DFG1FS91 Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Peer-Peer IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Wireless Network Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel® PRO/Wireless 2200BG Network Connection Physical Address. . . . . . . . . : 00-16-6F-44-EC-55 Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 10.190.20.168 Subnet Mask . . . . . . . . . . . : 255.255.248.0 Default Gateway . . . . . . . . . : 10.190.16.1 DHCP Server . . . . . . . . . . . : 1.1.1.5 DNS Servers . . . . . . . . . . . : 152.3.72.100 152.3.70.100 Lease Obtained. . . . . . . . . . : Friday, October 12, 2012 8:56:30 AM Lease Expires . . . . . . . . . . : Friday, October 12, 2012 9:26:30 AM Server: rsv-bc-fitzcachedns.oit.duke.edu Address: 152.3.72.100 Name: google.com Addresses: 74.125.140.139, 74.125.140.100, 74.125.140.101, 74.125.140.102 74.125.140.113, 74.125.140.138 Pinging google.com [74.125.137.101] with 32 bytes of data: Reply from 74.125.137.101: bytes=32 time=18ms TTL=49 Reply from 74.125.137.101: bytes=32 time=21ms TTL=49 Ping statistics for 74.125.137.101: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 18ms, Maximum = 21ms, Average = 19ms Server: rsv-bc-fitzcachedns.oit.duke.edu Address: 152.3.72.100 Name: yahoo.com Addresses: 98.138.253.109, 98.139.183.24, 72.30.38.140 Pinging yahoo.com [72.30.38.140] with 32 bytes of data: Reply from 72.30.38.140: bytes=32 time=445ms TTL=52 Reply from 72.30.38.140: bytes=32 time=557ms TTL=52 Ping statistics for 72.30.38.140: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 445ms, Maximum = 557ms, Average = 501ms Server: rsv-bc-fitzcachedns.oit.duke.edu Address: 152.3.72.100 Name: bleepingcomputer.com Address: 208.43.87.2 Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data: Request timed out. Request timed out. Ping statistics for 208.43.87.2: Packets: Sent = 2, Received = 0, Lost = 2 (100% loss), Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms =========================================================================== Interface List 0x1 ........................... MS TCP Loopback interface 0x20002 ...00 16 6f 44 ec 55 ...... Intel® PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport =========================================================================== =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.190.16.1 10.190.20.168 25 10.190.16.0 255.255.248.0 10.190.20.168 10.190.20.168 25 10.190.20.168 255.255.255.255 127.0.0.1 127.0.0.1 25 10.255.255.255 255.255.255.255 10.190.20.168 10.190.20.168 25 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1 169.254.0.0 255.255.0.0 10.190.20.168 10.190.20.168 20 224.0.0.0 240.0.0.0 10.190.20.168 10.190.20.168 25 255.255.255.255 255.255.255.255 10.190.20.168 10.190.20.168 1 Default Gateway: 10.190.16.1 =========================================================================== Persistent Routes: None ========================= Winsock entries ===================================== Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation) Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation) Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation) Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.) Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation) Catalog9 18 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation) Catalog9 19 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation) ========================= Event log errors: =============================== Application errors: ================== Error: (10/12/2012 08:57:29 AM) (Source: NativeWrapper) (User: ) Description: visualstudio7x80updatemsiexec.exe1.0.1705.5046kb26563701033643finstallx865.1.2600.2.3.0.2560 Error: (10/12/2012 08:57:28 AM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY Description: Product: Microsoft .NET Framework 1.1 - Update '{A38B334A-A0A2-436D-BAA0-34FE5E517E44}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log. Error: (10/12/2012 08:57:25 AM) (Source: MsiInstaller) (User: NT AUTHORITY)NT AUTHORITY Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue. Error: (10/12/2012 01:32:22 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2187 Error: (10/12/2012 01:32:22 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2187 Error: (10/12/2012 01:32:22 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/11/2012 06:05:05 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 13406 Error: (10/11/2012 06:05:05 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 13406 Error: (10/11/2012 06:05:05 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/11/2012 08:51:44 AM) (Source: NativeWrapper) (User: ) Description: visualstudio7x80updatemsiexec.exe1.0.1705.5046kb26563701033643finstallx865.1.2600.2.3.0.2560 System errors: ============= Error: (10/12/2012 08:58:41 AM) (Source: Windows Update Agent) (User: ) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370). Error: (10/12/2012 08:56:29 AM) (Source: Dhcp) (User: ) Description: The IP address lease 192.168.1.2 for the Network Card with network address 00166F44EC55 has been denied by the DHCP server 1.1.1.5 (The DHCP Server sent a DHCPNACK message). Error: (10/12/2012 08:56:11 AM) (Source: Service Control Manager) (User: ) Description: Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service. Error: (10/11/2012 10:13:35 PM) (Source: Dhcp) (User: ) Description: The IP address lease 192.168.1.2 for the Network Card with network address 00166F44EC55 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). Error: (10/11/2012 06:44:36 PM) (Source: Dhcp) (User: ) Description: The IP address lease 10.190.20.168 for the Network Card with network address 00166F44EC55 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). Error: (10/11/2012 06:04:47 PM) (Source: W32Time) (User: ) Description: The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Error: (10/11/2012 06:04:47 PM) (Source: W32Time) (User: ) Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error: (10/11/2012 06:04:47 PM) (Source: W32Time) (User: ) Description: The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Error: (10/11/2012 06:04:47 PM) (Source: W32Time) (User: ) Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error: (10/11/2012 03:21:49 PM) (Source: W32Time) (User: ) Description: The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Microsoft Office Sessions: ========================= Error: (10/12/2012 08:57:29 AM) (Source: NativeWrapper)(User: ) Description: visualstudio7x80updatemsiexec.exe1.0.1705.5046kb26563701033643finstallx865.1.2600.2.3.0.2560 Error: (10/12/2012 08:57:28 AM) (Source: MsiInstaller)(User: NT AUTHORITY)NT AUTHORITY Description: Microsoft .NET Framework 1.1{A38B334A-A0A2-436D-BAA0-34FE5E517E44}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log(NULL) Error: (10/12/2012 08:57:25 AM) (Source: MsiInstaller)(User: NT AUTHORITY)NT AUTHORITY Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL) Error: (10/12/2012 01:32:22 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2187 Error: (10/12/2012 01:32:22 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2187 Error: (10/12/2012 01:32:22 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/11/2012 06:05:05 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 13406 Error: (10/11/2012 06:05:05 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 13406 Error: (10/11/2012 06:05:05 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/11/2012 08:51:44 AM) (Source: NativeWrapper)(User: ) Description: visualstudio7x80updatemsiexec.exe1.0.1705.5046kb26563701033643finstallx865.1.2600.2.3.0.2560 =========================== Installed Programs ============================ 32 Bit HP BiDi Channel Components Installer (Version: 1.1.0.2) 7-Zip 4.65 924PLC32 (Version: 1.0.0) ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.41612) Adobe Flash Player 10 Plugin (Version: 10.2.152.26) Adobe Flash Player 11 ActiveX (Version: 11.1.102.55) Adobe Reader X (Version: 10.0.0) Adobe SVG Viewer 3.0 (Version: 3.0) AOLIcon (Version: 1.00.0000) Apple Application Support (Version: 1.4.0) Apple Mobile Device Support (Version: 3.3.0.69) Apple Software Update (Version: 2.1.2.120) Applian FLV Player (Version: 2.0.24) Audacity 1.2.6 AutoCAD 2010 - English (Version: 18.0.55.0) AutoCAD 2010 Language Pack - English (Version: 18.0.55.0) BASIC Stamp Editor v2.2 (Version: 2.2.0.0) BASIC Stamp Editor v2.5.2 (Version: 2.5.2) Bejeweled 2 Deluxe (Version: 09/20/2005 11:53 AM) Blackhawk Striker 2 (Version: 09/20/2005 11:54 AM) BlueJ 2.2.1 Bluetooth Stack for Windows by Toshiba (Version: v3.03.02(D)) Bonjour (Version: 2.0.4.0) Broadcom Management Programs (Version: 8.65.05) Bryce 5.5c Caché in C:\InterSystems\Cache (Version: 2008.1.0.401.0) CCleaner (Version: 3.05) CinepPlayer 30 Update Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000) Conexant HDA D110 MDC V.92 Modem Corel Paint Shop Pro X (Version: 10.0) Corel Photo Album 6 (Version: 6.00) CVS Photo Editor Plus (Version: 1.20.0000) Dark GDK DAZ|Studio1.8.1.5 Dell CinePlayer (Version: 3.0) Dell Digital Jukebox Driver Dell Driver Reset Tool (Version: 1.02.0000) Dell Game Console Dell Media Experience (Version: 3.1) Dell Photo AIO Printer 924 Dell Support Center (Version: 2.0.07311) Dell System Restore (Version: 2.00.0000) Dell Wireless WLAN Card (Version: 4.100.15.8) DellSupport (Version: 6.0.3062) Digital Line Detect (Version: 1.15) DrawPlus 3.0 DyynoPlayer 0.8.6f (Version: 0.8.6f) EarthLink setup files (Version: 2005.1.47.0) ELIcon (Version: 1.00.0000) ESET Online Scanner v3 Game Creators Dark GDK (Version: 1.0.0) GameSpy Arcade Get High Speed Internet! (Version: 1.00.0000) Google Chrome (Version: 21.0.1180.89) Google Desktop (Version: -) Google Talk (remove only) Google Talk Plugin (Version: 3.6.1.9117) Google Toolbar for Internet Explorer (Version: 1.0.0) Google Toolbar for Internet Explorer (Version: 7.4.3230.2052) Google Update Helper (Version: 1.3.21.123) Graphical Analysis 3.2 (Version: 3.2) Intel® Graphics Media Accelerator Driver for Mobile (Version: 6.14.10.4410) Intel® PROSet/Wireless Software (Version: 9.00.0000) Internal Network Card Power Management (Version: 1.7.2) iTunes (Version: 10.1.0.54) Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03) Java 7 Update 7 (Version: 7.0.70) Java Auto Updater (Version: 2.1.9.0) Java 6 Update 3 (Version: 1.6.0.30) Java SE Development Kit 6 (Version: 1.6.0.0) Java SE Runtime Environment 6 (Version: 1.6.0.0) LAME v3.98.2 for Audacity Lazer Tankz Learn2 Player (Uninstall Only) LoggerPro 3.2 (Version: 3.20.000) Macromedia Shockwave Player Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400) mCore (Version: 1.19.0000) mDrWiFi (Version: 1.19.0000) mHlpDell (Version: 1.19.0000) Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729) Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Antimalware (Version: 3.0.8402.2) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1) Microsoft DirectX SDK (August 2007) (Version: 9.20.1057) Microsoft Halo Microsoft Halo Trial Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft National Language Support Downlevel APIs Microsoft Office Basic Edition 2003 (Version: 11.0.8173.0) Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office Publisher 2003 (Version: 11.0.8173.0) Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514) Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463) Microsoft Security Client (Version: 2.1.1116.0) Microsoft Security Essentials (Version: 2.1.1116.0) Microsoft Silverlight (Version: 5.1.10411.0) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Express Edition - ENU Microsoft Visual C++ 2008 Express Edition - ENU (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 8.0 Support DLLs (Version: 1.0.0) Microsoft Web Publishing Wizard 1.52 Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework (Version: 3.5.21022) Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 (Version: 6.1.5288.17011) Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (Version: 6.1.5288.17011) mIWA (Version: 1.19.0000) mIWCA (Version: 1.19.0000) mLogView (Version: 1.19.0000) mMHouse (Version: 1.19.0000) Modem Helper (Version: 3.01) Mouse Suite for Laptop Computers (Version: 1.00.0000) mPfMgr (Version: 1.19.0000) mPfWiz (Version: 1.19.0000) mProSafe (Version: 9.00.0000) MSDN Library for Microsoft Visual Studio 2008 Express Editions MSDN Library for Microsoft Visual Studio 2008 Express Editions (Version: 9.0.21022) MSN mSSO (Version: 1.19.0000) MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0) MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0) MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0) msxml4 (Version: 1.0.0) mToolkit (Version: 1.19.0000) Musicmatch for Windows Media Player (Version: 0.00.000) Musicmatch® Jukebox (Version: 10.10.0097) mWlsSafe (Version: 9.00.0000) mXML (Version: 1.19.0000) MySQL Server 5.0 (Version: 5.0.51b) mZConfig (Version: 1.19.0000) NetBeans IDE 6.1 NetWaiting (Version: 2.5.23) NetZeroInstallers (Version: 1.0.0) Newsletter Tutorial - Space Invaders Part I (Version: ) Notepad App OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0) Photo Click (Version: 1.0.0) Prism Video Converter PuTTY version 0.60 (Version: 0.60) QtSpim (Version: 9.0.1) Qualxserve Service Agreement (Version: 1.10.0000) Quartus II 9.1sp2 Web Edition (Version: 9.1sp2) QuickSet (Version: 7.0.10) QuickTime (Version: 7.68.75.0) RealPlayer Basic Rhapsody Player Engine (Version: 1.0.2.636) Rhinoceros 4.0 Evaluation (Version: 4.0.30827) Roxio DLA (Version: 5.2.0) Roxio Express Labeler (Version: 2.1.0) Roxio MyDVD LE (Version: 6.1.6) Roxio RecordNow Audio (Version: 2.0.4) Roxio RecordNow Copy (Version: 2.0.4) Roxio RecordNow Data (Version: 2.0.4) Search Assist (Version: 1.00.0000) Sentinel System Driver Sonic Activation Module (Version: 1.0) Sonic Update Manager (Version: 3.0.0) Spybot - Search & Destroy 1.4 (Version: 1.4) Streamripper (Remove only) StumbleUpon IE Toolbar (Version: 3.23) Synaptics Pointing Device Driver (Version: 14.0.3.0) TabbedPaneDemo TabComponentsDemo The Print Shop 12 TomTom HOME 2.7.6.2056 (Version: 2.7.6.2056) TomTom HOME Visual Studio Merge Modules (Version: 1.0.2) Try Corel Snapfire muvee autoProducer add on (Version: 1.00.0000) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Windows Internet Explorer 8 (KB2447568) (Version: 1) Update for Windows Internet Explorer 8 (KB973874) (Version: 1) Update for Windows Internet Explorer 8 (KB976662) (Version: 1) Update for Windows Internet Explorer 8 (KB976749) (Version: 1) Update for Windows Internet Explorer 8 (KB980182) (Version: 1) Update for Windows XP (KB2541763) (Version: 1) Update for Windows XP (KB2607712) (Version: 1) Update for Windows XP (KB2616676) (Version: 1) Update for Windows XP (KB2641690) (Version: 1) Update for Windows XP (KB2661254-v2) (Version: 2) Update for Windows XP (KB2718704) (Version: 1) Update for Windows XP (KB2736233) (Version: 1) Update for Windows XP (KB2749655) (Version: 1) URL Assistant VLC media player 1.1.5 (Version: 1.1.5) Watchtower Library 2011 - English (Version: 13.0) WebEx WebFldrs XP (Version: 9.50.7523) WildTangent Web Driver Windows Driver Package - FTDI CDM Driver Package (07/12/2010 2.08.02) (Version: 07/12/2010 2.08.02) Windows Driver Package - Parallax Inc CDM Driver Package - Bus & VCP Driver (07/12/2010 2.08.02) (Version: 07/12/2010 2.08.02) Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0) Windows Imaging Component (Version: 3.0.0.0) Windows Installer 3.1 (KB893803) Windows Internet Explorer 8 (Version: 20090308.140743) Windows Management Framework Core Windows Media Encoder 9 Series Windows Media Encoder 9 Series (Version: 9.00.2980) Windows Media Format 11 runtime Windows Media Player 10 (Version: 9.00.3636) Windows Media Player 11 Windows XP Service Pack 3 (Version: 20080414.031525) WinRAR archiver XML Paper Specification Shared Components Pack 1.0 XoftSpySE (Version: 6.0.0.0) ========================= Devices: ================================ Name: Broadcom 440x 10/100 Integrated Controller Description: Broadcom 440x 10/100 Integrated Controller Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Broadcom Service: bcm4sbxp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: 1394 Net Adapter Description: 1394 Net Adapter Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318} Manufacturer: Microsoft Service: NIC1394 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Synaptics PS/2 Port Pointing Device Description: Synaptics PS/2 Port Pointing Device Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318} Manufacturer: Synaptics Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ========================= Memory info: =================================== Percentage of memory in use: 65% Total physical RAM: 1015.37 MB Available physical RAM: 348.85 MB Total Pagefile: 2436.86 MB Available Pagefile: 1640.31 MB Total Virtual: 2047.88 MB Available Virtual: 1970.95 MB ========================= Partitions: ===================================== 1 Drive c: () (Fixed) (Total:50.83 GB) (Free:3.35 GB) NTFS ========================= Users: ======================================== User accounts for \\DFG1FS91 Administrator D2 David Guest HelpAssistant Ivy SUPPORT_388945a0 ========================= Minidump Files ================================== C:\WINDOWS\Minidump\Mini060712-01.dmp C:\WINDOWS\Minidump\Mini083112-01.dmp C:\WINDOWS\Minidump\Mini100112-01.dmp C:\WINDOWS\Minidump\Mini101112-01.dmp **** End of log **** Farbar Service Scanner Version: 07-10-2012 Ran by David (administrator) on 12-10-2012 at 09:02:23 Running from "C:\Documents and Settings\David Colon-Smith\Desktop" Microsoft Windows XP Professional Service Pack 3 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ File Check: ======== C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit C:\WINDOWS\system32\netman.dll => MD5 is legit C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit C:\WINDOWS\system32\srsvc.dll => MD5 is legit C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit C:\WINDOWS\system32\wscsvc.dll => MD5 is legit C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit C:\WINDOWS\system32\wuauserv.dll => MD5 is legit C:\WINDOWS\system32\qmgr.dll => MD5 is legit C:\WINDOWS\system32\es.dll => MD5 is legit C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit Extra List: ======= Bridge(14) BridgeMP(13) Gpc(6) IPSec(4) IWCA(10) MPFIREWL(3) NetBT(5) PSched(7) s24trans(8) Tcpip(3) 0x0F000000040000000100000002000000030000000F00000005000000060000000700000008000000090000000A0000000B0000000C0000000D0000000E000000 IpSec Tag value is correct. **** End of log ****
- October 12, 2012
- 52 replies
Can't completely remove a virus

cycle1 replied to cycle1's topic in Resolved Malware Removal Logs

Not through Malwarebytes itself, I couldn't. I think my network settings are messed up, but it's another software program because issues like these have been happening from quite some time before this.
- October 12, 2012
- 52 replies
Can't completely remove a virus

cycle1 replied to cycle1's topic in Resolved Malware Removal Logs

I tried to update Malwarebytes again, but the Invalid Argument error reoccurred. I then went back to the forum post that I mentioned earlier, and now I have the definitions below: Date: 10/8/2012 10:28:27 AM Database version: v2012.10.08.05 Fingerprints loaded: 326408
- October 11, 2012
- 52 replies
Can't completely remove a virus

cycle1 replied to cycle1's topic in Resolved Malware Removal Logs

I performed all of the steps above, and I now have a new version of Java. How should I proceed from here?
- October 11, 2012
- 52 replies
Can't completely remove a virus

cycle1 replied to cycle1's topic in Resolved Malware Removal Logs

Below is the log after running Kaspersky Virus Removal Tool: Status: Deleted (events: 6) 10/9/2012 3:53:26 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\David Colon-Smith\Application Data\Sun\Java\Deployment\cache\6.0\45\6c075e2d-28335f07 High 10/9/2012 3:53:35 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\David Colon-Smith\Application Data\Sun\Java\Deployment\cache\6.0\45\6c075e2d-2e6c2d32 High 10/9/2012 3:53:43 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\David Colon-Smith\Application Data\Sun\Java\Deployment\cache\6.0\45\6c075e2d-3407ba14 High 10/9/2012 3:53:50 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\David Colon-Smith\Application Data\Sun\Java\Deployment\cache\6.0\45\6c075e2d-35d60ac8 High 10/9/2012 3:53:57 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\David Colon-Smith\Application Data\Sun\Java\Deployment\cache\6.0\45\6c075e2d-5c2388b4 High 10/9/2012 3:54:04 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\David Colon-Smith\Application Data\Sun\Java\Deployment\cache\6.0\45\6c075e2d-7402ad10 High
- October 10, 2012
- 52 replies
Can't completely remove a virus

cycle1 replied to cycle1's topic in Resolved Malware Removal Logs

Below is the ESET scan log: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK esets_scanner_update returned -1 esets_gle=1 esets_scanner_update returned -1 esets_gle=1 esets_scanner_update returned -1 esets_gle=1 esets_scanner_update returned -1 esets_gle=1 esets_scanner_update returned -1 esets_gle=1 esets_scanner_update returned -1 esets_gle=1 esets_scanner_update returned -1 esets_gle=49153 # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=28d70e7ab708d94e92bb6a87df588e7c # end=stopped # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-10-02 02:50:25 # local_time=2012-10-01 10:50:25 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1797 16774142 0 93 31153540 84731206 0 0 # compatibility_mode=5891 16776870 42 87 8926 45072727 0 0 # compatibility_mode=8192 67108863 100 0 9088 9088 0 0 # scanned=202201 # found=24 # cleaned=24 # scan_time=4769 C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C esets_scanner_update returned -1 esets_gle=53251 # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=28d70e7ab708d94e92bb6a87df588e7c # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-10-02 05:04:46 # local_time=2012-10-02 01:04:46 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1797 16774142 0 93 31161201 84738867 0 0 # compatibility_mode=5891 16776870 42 87 16587 45080388 0 0 # compatibility_mode=8192 67108863 100 0 16749 16749 0 0 # scanned=210462 # found=1 # cleaned=1 # scan_time=5168 C:\WINDOWS\system32\Improve Your PC.lnk LNK/URL.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=28d70e7ab708d94e92bb6a87df588e7c # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-10-09 06:50:55 # local_time=2012-10-09 02:50:55 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1797 16774142 0 93 31772480 85350146 0 0 # compatibility_mode=5891 16776870 42 87 0 45691667 0 0 # compatibility_mode=8192 67108863 100 0 628028 628028 0 0 # scanned=210705 # found=0 # cleaned=0 # scan_time=5059
- October 9, 2012
- 52 replies
Can't completely remove a virus

cycle1 replied to cycle1's topic in Resolved Malware Removal Logs

After I did all the steps from the link, I tried to update Malwarebytes, but I still receive the same error. However, I used a post I found in the forums here, and I updated my database version so that it says the following: Post link: http://forums.malwarebytes.org/index.php?showtopic=108769 (What it says in the Update Tab) Current database information: Date: 10/1/2012 9:58:11 AM Database version: v2012.10.01.05 Fingerprints loaded: 324895
- October 7, 2012
- 52 replies
Can't completely remove a virus

cycle1 replied to cycle1's topic in Resolved Malware Removal Logs

Below is the log that was generated from ComboFix. On a side note, I went snooping around the site, and I found a way to update Malwarebytes without using the Check for Updates option in the program, so I now have newer definition files for the program. ComboFix 12-10-04.02 - David 10/07/2012 13:51:41.5.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.675 [GMT -4:00] Running from: c:\documents and settings\David Colon-Smith\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\David Colon-Smith\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((( Files Created from 2012-09-07 to 2012-10-07 ))))))))))))))))))))))))))))))) . . 2072-07-31 22:44 . 2004-08-24 19:27 375808 ----a-w- c:\program files\Microsoft Games\Halo\binkw32.dll 2012-10-06 22:10 . 2012-10-06 22:11 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-10-06 21:12 . 2012-10-06 21:12 -------- d-----w- c:\documents and settings\David Colon-Smith\Application Data\Malwarebytes 2012-10-06 21:12 . 2012-10-06 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-10-06 21:12 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-06 21:12 . 2012-10-06 21:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-10-06 20:52 . 2012-08-30 05:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5D1F7F88-932B-4D76-B4CB-1FF2D66A2A79}\mpengine.dll 2012-10-04 22:33 . 2012-10-04 22:33 -------- d-----w- c:\program files\Common Files\XoftSpySE 2012-10-04 22:33 . 2012-10-04 22:33 -------- d-----w- c:\program files\XoftSpySE6 2012-10-04 22:33 . 2012-10-04 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE 2012-10-01 00:12 . 2012-08-28 15:14 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll 2012-09-30 23:52 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll 2012-09-30 23:52 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll 2012-09-30 22:59 . 2012-09-30 22:59 -------- d-----w- c:\program files\ESET 2012-09-21 11:35 . 2012-09-21 11:35 -------- d-----w- c:\documents and settings\David Colon-Smith\Application Data\McAfee 2012-09-21 11:31 . 2012-09-21 11:29 75656 ----a-w- c:\windows\system32\MfeOtlkAddin.dll 2012-09-21 11:31 . 2012-09-21 11:29 23112 ----a-w- c:\windows\system32\MFEOtlk.dll 2012-09-21 11:28 . 2012-09-23 04:55 -------- d-----w- c:\program files\McAfee . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-30 05:17 . 2009-12-19 14:13 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-08-28 15:14 . 2004-08-11 22:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:14 . 2004-08-11 22:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-28 15:14 . 2004-08-11 22:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 2004-08-11 22:00 385024 ----a-w- c:\windows\system32\html.iec 2008-04-05 21:01 . 2008-04-05 21:01 3778594 ----a-w- c:\program files\bluejsetup-221.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-10 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024] "SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 393216] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "MPFEXE"="c:\program files\mcafee.com\personal firewall\MPFTray.exe" [2006-03-07 992808] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888] "DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632] "dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984] "XoftSpySE"="c:\program files\XoftSpySE6\XoftSpySE.exe" [2009-08-28 4853016] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 53760] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CACHEWEB.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CACHEWEB.lnk backup=c:\windows\pss\CACHEWEB.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl] [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-11-10 17:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader] 2007-02-06 15:20 478800 ----a-w- c:\program files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet] 2005-12-15 15:44 839680 ----a-w- c:\program files\Dell\QuickSet\quickset.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] 2005-11-01 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate] 2007-11-15 13:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2006-04-11 02:21 169472 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-06-01 22:19 136176 ----atw- c:\documents and settings\David Colon-Smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] 2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] 2005-10-15 01:50 114688 ----a-w- c:\windows\system32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] 2005-10-15 01:49 94208 ----a-w- c:\windows\system32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-11-11 05:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot] 2005-09-09 00:20 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray] 2005-09-09 00:20 110592 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold] 2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe] 2006-03-07 20:05 992808 ----a-w- c:\program files\mcafee.com\personal firewall\MpfTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 10:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon] 2006-06-09 16:47 47104 ----a-w- c:\windows\system32\ico.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] 2006-04-11 02:12 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2007-08-10 00:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2010-08-24 09:38 247144 ----a-w- c:\documents and settings\David Colon-Smith\My Documents\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\dlcccoms.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Documents and Settings\\David Colon-Smith\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"= "c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6000:TCP"= 6000:TCP:test . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 0 (0x0) . R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [10/6/2012 6:10 PM 40776] R3 XoftSpyService;XoftSpyService;c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [8/28/2009 5:15 PM 582424] S1 MpKsl057b8bd2;MpKsl057b8bd2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83757166-BBD5-49EA-B802-834D557FA638}\MpKsl057b8bd2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83757166-BBD5-49EA-B802-834D557FA638}\MpKsl057b8bd2.sys [?] S2 Cache_c-_intersystems_cache;Caché Controller for CACHEWEB;c:\intersystems\Cache\Bin\cservice.exe [8/18/2008 9:35 PM 73728] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/1/2010 6:19 PM 136176] S2 hkmsvc32;Health Key and Certificate Management Service ;c:\windows\system32\cryptdlg32.exe --> c:\windows\system32\cryptdlg32.exe [?] S2 HTTPFilter32;HTTP SSL ;c:\windows\system32\ATL7132.exe --> c:\windows\system32\ATL7132.exe [?] S2 lanmanserver32;Server ;c:\windows\system32\POSTWPP32.exe --> c:\windows\system32\POSTWPP32.exe [?] S2 NetTcpPortSharing32;Net.Tcp Port Sharing Service ;c:\windows\system32\rastls32.exe --> c:\windows\system32\rastls32.exe [?] S2 RegSrvc32;RegSrvc ;c:\windows\system32\gcdef32.exe --> c:\windows\system32\gcdef32.exe [?] S2 TomTomHOMEService;TomTomHOMEService;c:\documents and settings\David Colon-Smith\My Documents\TomTom HOME 2\TomTomHOMEService.exe [8/24/2010 5:38 AM 92008] S2 VSS32;Volume Shadow Copy ;c:\windows\system32\dlccutil(3)32.exe --> c:\windows\system32\dlccutil(3)32.exe [?] S2 xmlprov32;Network Provisioning Service ;c:\windows\system32\TosSndAPI32.exe --> c:\windows\system32\TosSndAPI32.exe [?] S3 AlteraUSBBlaster;Altera USB-Blaster Device Driver;c:\windows\system32\drivers\usbblstr.sys [9/19/2011 5:11 PM 58960] S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [6/15/2007 8:59 PM 16194] S3 CACHEWEBhttpd;Web Server for CACHEWEB;c:\intersystems\Cache\httpd\bin\httpd.exe [8/18/2008 9:35 PM 20541] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/1/2010 6:19 PM 136176] S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [6/3/2009 4:52 PM 120168] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MBAMSWISSARMY . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder . 2012-10-04 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50] . 2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 22:19] . 2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 22:19] . 2012-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1705149355-52376669-1174297957-1006Core.job - c:\documents and settings\David Colon-Smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-27 22:19] . 2012-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1705149355-52376669-1174297957-1006UA.job - c:\documents and settings\David Colon-Smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-27 22:19] . 2012-08-18 c:\windows\Tasks\ParetoLogic Update Version3.job - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15] . 2012-10-07 c:\windows\Tasks\User_Feed_Synchronization-{4DBF9887-0447-4DA1-8377-9B6F318E27D7}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31] . 2012-10-07 c:\windows\Tasks\XoftSpySE.job - c:\program files\XoftSpySE6\XoftSpySELauncher.exe [2009-08-28 21:13] . . ------- Supplementary Scan ------- . uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s TCP: DhcpNameServer = 192.168.1.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-10-07 14:05 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run MPFEXE = "c:\program files\mcafee.com\personal firewall\MPFTray.exe"???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(772) c:\program files\Intel\Wireless\Bin\LgNotify.dll c:\windows\system32\igfxdev.dll . - - - - - - - > 'explorer.exe'(1832) c:\windows\system32\WININET.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\msi.dll . Completion time: 2012-10-07 14:09:57 ComboFix-quarantined-files.txt 2012-10-07 18:09 ComboFix2.txt 2012-09-30 06:22 ComboFix3.txt 2011-04-13 02:14 . Pre-Run: 3,172,528,128 bytes free Post-Run: 3,249,520,640 bytes free . - - End Of File - - 23C1CCB9B0F1D470B8BB6BF20D6D6A32
- October 7, 2012
- 52 replies
Can't completely remove a virus

cycle1 replied to cycle1's topic in Resolved Malware Removal Logs

I ran mbam-clean.exe, and reinstalled Malwarebytes from the link given, and I still generate an error. I also tried updating through a proxy (as mentioned in the FAQs), and tried updating in Safe Mode with Networking to no avail. Is there something else I can do to update besides uninstalling and reinstalling the software?
- October 6, 2012
- 52 replies
Can't completely remove a virus

cycle1 replied to cycle1's topic in Resolved Malware Removal Logs

I tried the Check for Updates button, and I still get that Invalid argument error I mentioned previously, even when I try to do so in Safe Mode with Networking. I think the bug went away though because my latest scan was clean. Should I try something else to be completely sure?
- October 6, 2012
- 52 replies
Can't completely remove a virus

cycle1 replied to cycle1's topic in Resolved Malware Removal Logs

I uninstalled the version I had and reinstalled Malwarebytes from the link, then ran a quick scan, with the following results. Is there a way to get the updates manually? Nothing I try allows me to update them from within the program. Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.07.13 Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking) Internet Explorer 8.0.6001.18702 David :: DFG1FS91 [administrator] 10/4/2012 6:19:40 PM mbam-log-2012-10-04 (18-19-40).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 278701 Time elapsed: 5 minute(s), 49 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LANMANSERVER32 (Trojan.Tracur) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
- October 4, 2012
- 52 replies
Can't completely remove a virus

cycle1 replied to cycle1's topic in Resolved Malware Removal Logs

I ran a quick scan of Malwarebytes again and the infected key still shows up. Here is the log report below. Should I run ESET another time? Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.07.13 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 David :: DFG1FS91 [administrator] 10/3/2012 10:04:48 PM mbam-log-2012-10-03 (22-33-48).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 280389 Time elapsed: 28 minute(s), 44 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LANMANSERVER32 (Trojan.Tracur) -> No action taken. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
- October 4, 2012
- 52 replies
Can't completely remove a virus

cycle1 replied to cycle1's topic in Resolved Malware Removal Logs

Thanks for the advice, I was able to run it in Safe Mode with Networking. Below is teh log file: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK esets_scanner_update returned -1 esets_gle=1 esets_scanner_update returned -1 esets_gle=1 esets_scanner_update returned -1 esets_gle=1 esets_scanner_update returned -1 esets_gle=1 esets_scanner_update returned -1 esets_gle=1 esets_scanner_update returned -1 esets_gle=1 esets_scanner_update returned -1 esets_gle=49153 # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=28d70e7ab708d94e92bb6a87df588e7c # end=stopped # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-10-02 02:50:25 # local_time=2012-10-01 10:50:25 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1797 16774142 0 93 31153540 84731206 0 0 # compatibility_mode=5891 16776870 42 87 8926 45072727 0 0 # compatibility_mode=8192 67108863 100 0 9088 9088 0 0 # scanned=202201 # found=24 # cleaned=24 # scan_time=4769 C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C esets_scanner_update returned -1 esets_gle=53251 # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=28d70e7ab708d94e92bb6a87df588e7c # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-10-02 05:04:46 # local_time=2012-10-02 01:04:46 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1797 16774142 0 93 31161201 84738867 0 0 # compatibility_mode=5891 16776870 42 87 16587 45080388 0 0 # compatibility_mode=8192 67108863 100 0 16749 16749 0 0 # scanned=210462 # found=1 # cleaned=1 # scan_time=5168 C:\WINDOWS\system32\Improve Your PC.lnk LNK/URL.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
- October 2, 2012
- 52 replies
Can't completely remove a virus

cycle1 replied to cycle1's topic in Resolved Malware Removal Logs

I retried (after refreshing my connection) and it returned the same error. I think the issue with ESET (and for why I can't update Malwarebytes) might be something I noticed two years ago, but could never find a way to fix. When I deactivated a firewall I had, a program that uses SSH connections worked fine, but when the firewall was active, it made the program through a "fatal error". I uninstalled the program that manages that firewall, but I think the settings on it are still active somehow. By chance, do you know any suggestions on how to undo effects like those?
- October 1, 2012
- 52 replies
Can't completely remove a virus

cycle1 replied to cycle1's topic in Resolved Malware Removal Logs

When I pressed Start after making sure that the Remove found threats option and the Scan unwanted applications option were checked, it began trying to download the definitions, and it stopped, mentioning: "Can not get update. Is proxy configured?". Should I try to configure a proxy?
- September 30, 2012
- 52 replies
Can't completely remove a virus

cycle1 replied to cycle1's topic in Resolved Malware Removal Logs

Hi, below is my log after running ComboFix: ComboFix 12-09-27.03 - David 09/30/2012 1:48.4.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.620 [GMT -4:00] Running from: c:\documents and settings\David Colon-Smith\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} AV: Trend Micro PC-cillin Internet Security *Disabled/Outdated* {7D2296BC-32CC-4519-917E-52E652474AF5} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\956ab021 c:\documents and settings\All Users\SPL591.tmp c:\documents and settings\All Users\SPLF0.tmp c:\documents and settings\David Colon-Smith\Application Data\40933372 c:\documents and settings\David Colon-Smith\Application Data\Adobe\plugs c:\documents and settings\David Colon-Smith\Application Data\Adobe\shed c:\documents and settings\David Colon-Smith\hkaiwhwauv.tmp c:\documents and settings\David Colon-Smith\My Documents\~WRL0217.tmp c:\documents and settings\David Colon-Smith\My Documents\~WRL0341.tmp c:\documents and settings\David Colon-Smith\My Documents\~WRL0407.tmp c:\documents and settings\David Colon-Smith\My Documents\~WRL0408.tmp c:\documents and settings\David Colon-Smith\My Documents\~WRL0883.tmp c:\documents and settings\David Colon-Smith\My Documents\~WRL1560.tmp c:\documents and settings\David Colon-Smith\My Documents\~WRL3040.tmp c:\documents and settings\David Colon-Smith\My Documents\~WRL3743.tmp c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3} c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome.manifest c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome\xulcache.jar c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\install.rdf c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{1095a64f-298f-4764-8ef6-9d20aed1c8a6} c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{1095a64f-298f-4764-8ef6-9d20aed1c8a6}\chrome\xulcache.jar c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{1095a64f-298f-4764-8ef6-9d20aed1c8a6}\install.rdf c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68} c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome.manifest c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome\xulcache.jar c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\install.rdf c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5} c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome.manifest c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome\xulcache.jar c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\install.rdf c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca} c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome.manifest c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome\xulcache.jar c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\install.rdf c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d} c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome.manifest c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome\xulcache.jar c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\install.rdf c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0} c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome.manifest c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome\xulcache.jar c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\install.rdf c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8} c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome.manifest c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome\xulcache.jar c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\install.rdf c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de} c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome.manifest c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome\xulcache.jar c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\4w4wi64f.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\install.rdf c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3} c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome.manifest c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome\xulcache.jar c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\install.rdf c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68} c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome.manifest c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome\xulcache.jar c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\install.rdf c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5} c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome.manifest c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome\xulcache.jar c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\install.rdf c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca} c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome.manifest c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome\xulcache.jar c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\install.rdf c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d} c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome.manifest c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome\xulcache.jar c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\install.rdf c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0} c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome.manifest c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome\xulcache.jar c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\install.rdf c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8} c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome.manifest c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome\xulcache.jar c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\install.rdf c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de} c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome.manifest c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome\xulcache.jar c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\acvp0y0d.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\install.rdf c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3} c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome.manifest c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\chrome\xulcache.jar c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{05265800-156e-4f00-be7b-8b35c197c3c3}\install.rdf c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{1095a64f-298f-4764-8ef6-9d20aed1c8a6} c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{1095a64f-298f-4764-8ef6-9d20aed1c8a6}\chrome\xulcache.jar c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{1095a64f-298f-4764-8ef6-9d20aed1c8a6}\install.rdf c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68} c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome.manifest c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\chrome\xulcache.jar c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{3904947b-eb75-4243-a525-81ff6bd20d68}\install.rdf c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5} c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome.manifest c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\chrome\xulcache.jar c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{625bb00d-60c4-4fd7-aec9-9c883fb047f5}\install.rdf c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca} c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome.manifest c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\chrome\xulcache.jar c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{6bb2cd86-a536-4fb6-b66b-296191996bca}\install.rdf c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d} c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome.manifest c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\chrome\xulcache.jar c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c2d6eb9e-3f0d-40fb-a0f4-5320bfeef36d}\install.rdf c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0} c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome.manifest c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\chrome\xulcache.jar c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{c5005cab-02d9-4b66-926d-59692f1f2ea0}\install.rdf c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8} c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome.manifest c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\chrome\xulcache.jar c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{de531cee-74b8-4f6a-878f-951c7fd94fa8}\install.rdf c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de} c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome.manifest c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\chrome\xulcache.jar c:\documents and settings\Ivy Colon\Application Data\Mozilla\Firefox\Profiles\qdt6y5bo.default\extensions\{f805377c-3cf5-453a-b90a-d6d00261a5de}\install.rdf c:\documents and settings\Ivy Colon\hkaiwhwauv.tmp c:\windows\iun6002.exe c:\windows\system32\drivers\etc\hosts.ics c:\windows\system32\SET11A.tmp c:\windows\system32\SET2E.tmp c:\windows\system32\SET2F.tmp c:\windows\system32\SET30.tmp c:\windows\system32\SET7C7.tmp c:\windows\system32\SET7D3.tmp c:\windows\system32\SET7DB.tmp c:\windows\system32\SET7DC.tmp c:\windows\system32\SET7DE.tmp c:\windows\system32\SET7E1.tmp c:\windows\system32\SETDC.tmp c:\windows\system32\SETF0.tmp c:\windows\system32\URTTemp c:\windows\system32\URTTemp\fusion.dll c:\windows\system32\URTTemp\mscoree.dll c:\windows\system32\URTTemp\mscoree.dll.local c:\windows\system32\URTTemp\mscorsn.dll c:\windows\system32\URTTemp\mscorwks.dll c:\windows\system32\URTTemp\msvcr71.dll c:\windows\system32\URTTemp\regtlib.exe c:\windows\wt c:\windows\wt\data.wts c:\windows\wt\updater\wcmdmgr.exe c:\windows\wt\updater\wcmdmgrl.exe c:\windows\wt\updater\wt.ini c:\windows\wt\webdriver.dll c:\windows\wt\webdriver\4.1.1\actorobject.dll c:\windows\wt\webdriver\4.1.1\dx5drv.dll c:\windows\wt\webdriver\4.1.1\dx7drv.dll c:\windows\wt\webdriver\4.1.1\objectbundle.dll c:\windows\wt\webdriver\4.1.1\sound.dll c:\windows\wt\webdriver\4.1.1\wdcaps.ded c:\windows\wt\webdriver\4.1.1\wdengine.dll c:\windows\wt\webdriver\4.1.1\webdriver.dll c:\windows\wt\webdriver\4.1.1\wthost.exe c:\windows\wt\webdriver\4.1.1\wthostctl.dll c:\windows\wt\webdriver\4.1.1\wtmulti.dll c:\windows\wt\webdriver\4.1.1\wtmulti.jar c:\windows\wt\webdriver\4.1.1\wtwmplug.ax c:\windows\wt\webdriver\4.1.1\wtwmplug.ini c:\windows\wt\webdriver\jdriver.dll c:\windows\wt\webdriver\rdriver.dll c:\windows\wt\webdriver\wildtangent.jar c:\windows\wt\webdriver\wtdmmp.dll c:\windows\wt\webdriver\wtdmmpi.jar c:\windows\wt\webdriver\wtdmmpv.dll c:\windows\wt\wt3d.dll c:\windows\wt\wt3d.ini c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\controlPanel\index.html c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\update_info\data.wts c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmp.dll c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpi.jar c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpv.dll c:\windows\wt\wtupdates\dmmp\3.0.2.000\install\dmmp.cdanfo c:\windows\wt\wtupdates\dmmp\3.0.2.000\install\DMMP_Uninstall.cdas c:\windows\wt\wtupdates\DRM\3.2.0.19\files\controlPanel\index.html c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar c:\windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll c:\windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll c:\windows\wt\wtupdates\DRM\3.2.0.19\files\wt.sto c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas c:\windows\wt\wtupdates\Webd\4.1.1\files\actorobject.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\controlPanel\index.html c:\windows\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\jdriver.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\legacy\data.wts c:\windows\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\nsIWTHostPlugin.xpt c:\windows\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\rdriver.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\Sound.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\update_info\data.wts c:\windows\wt\wtupdates\Webd\4.1.1\files\wdcaps.ded c:\windows\wt\wtupdates\Webd\4.1.1\files\wdengine.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\Webd331.cdanfo c:\windows\wt\wtupdates\Webd\4.1.1\files\Webd331_fileList.cdas c:\windows\wt\wtupdates\Webd\4.1.1\files\Webd331_Uninstall.cdas c:\windows\wt\wtupdates\Webd\4.1.1\files\webdriver.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\wildtangent.jar c:\windows\wt\wtupdates\Webd\4.1.1\files\wt3d.ini c:\windows\wt\wtupdates\Webd\4.1.1\files\WTHost.exe c:\windows\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\wtmulti.jar c:\windows\wt\wtupdates\Webd\4.1.1\files\wtvh.dll c:\windows\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax c:\windows\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini c:\windows\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1.cdanfo c:\windows\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1_Uninstall.cdas c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\controlpanel\index.html c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl.cdanfo c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl_Uninstall.cdas c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\WireControl.dll c:\windows\wt\wtupdates\wtdmmp\update_info\data.wts c:\windows\wt\wtupdates\wtupdater\appinfo.dat c:\windows\wt\wtupdates\wtwebdriver\update_info\data.wts c:\windows\wt\wtvh.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_DHCP32 -------\Service_Dhcp32 . . ((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-30 ))))))))))))))))))))))))))))))) . . 2072-07-31 22:44 . 2004-08-24 19:27 375808 ----a-w- c:\program files\Microsoft Games\Halo\binkw32.dll 2012-09-24 20:46 . 2012-09-25 20:56 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-09-24 20:46 . 2012-09-24 20:46 -------- d-----w- c:\documents and settings\David Colon-Smith\Application Data\Malwarebytes 2012-09-24 20:46 . 2012-09-24 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-09-24 20:46 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-24 20:46 . 2012-09-25 20:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-09-21 11:35 . 2012-09-21 11:35 -------- d-----w- c:\documents and settings\David Colon-Smith\Application Data\McAfee 2012-09-21 11:31 . 2012-09-21 11:29 75656 ----a-w- c:\windows\system32\MfeOtlkAddin.dll 2012-09-21 11:31 . 2012-09-21 11:29 23112 ----a-w- c:\windows\system32\MFEOtlk.dll 2012-09-21 11:28 . 2012-09-23 04:55 -------- d-----w- c:\program files\McAfee . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-05 21:01 . 2008-04-05 21:01 3778594 ----a-w- c:\program files\bluejsetup-221.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-10 68856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024] "SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 393216] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "MPFEXE"="c:\program files\mcafee.com\personal firewall\MPFTray.exe" [2006-03-07 992808] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888] "DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632] "dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 53760] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] 2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CACHEWEB.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CACHEWEB.lnk backup=c:\windows\pss\CACHEWEB.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl] [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-11-10 17:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader] 2007-02-06 15:20 478800 ----a-w- c:\program files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet] 2005-12-15 15:44 839680 ----a-w- c:\program files\Dell\QuickSet\quickset.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] 2005-11-01 08:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate] 2007-11-15 13:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2006-04-11 02:21 169472 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-06-01 22:19 136176 ----atw- c:\documents and settings\David Colon-Smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] 2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] 2005-10-15 01:50 114688 ----a-w- c:\windows\system32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] 2005-10-15 01:49 94208 ----a-w- c:\windows\system32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-11-11 05:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot] 2005-09-09 00:20 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray] 2005-09-09 00:20 110592 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold] 2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe] 2006-03-07 20:05 992808 ----a-w- c:\program files\mcafee.com\personal firewall\MpfTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 10:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon] 2006-06-09 16:47 47104 ----a-w- c:\windows\system32\ico.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] 2006-04-11 02:12 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2007-08-10 00:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2010-08-24 09:38 247144 ----a-w- c:\documents and settings\David Colon-Smith\My Documents\TomTom HOME 2\TomTomHOMERunner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\dlcccoms.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Documents and Settings\\David Colon-Smith\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"= "c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6000:TCP"= 6000:TCP:test . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 0 (0x0) . R2 Cache_c-_intersystems_cache;Caché Controller for CACHEWEB;c:\intersystems\Cache\Bin\cservice.exe [8/18/2008 9:35 PM 73728] R2 TomTomHOMEService;TomTomHOMEService;c:\documents and settings\David Colon-Smith\My Documents\TomTom HOME 2\TomTomHOMEService.exe [8/24/2010 5:38 AM 92008] R3 CACHEWEBhttpd;Web Server for CACHEWEB;c:\intersystems\Cache\httpd\bin\httpd.exe [8/18/2008 9:35 PM 20541] S1 MpKsl057b8bd2;MpKsl057b8bd2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83757166-BBD5-49EA-B802-834D557FA638}\MpKsl057b8bd2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83757166-BBD5-49EA-B802-834D557FA638}\MpKsl057b8bd2.sys [?] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/1/2010 6:19 PM 136176] S2 hkmsvc32;Health Key and Certificate Management Service ;c:\windows\system32\cryptdlg32.exe --> c:\windows\system32\cryptdlg32.exe [?] S2 HTTPFilter32;HTTP SSL ;c:\windows\system32\ATL7132.exe --> c:\windows\system32\ATL7132.exe [?] S2 lanmanserver32;Server ;c:\windows\system32\POSTWPP32.exe --> c:\windows\system32\POSTWPP32.exe [?] S2 NetTcpPortSharing32;Net.Tcp Port Sharing Service ;c:\windows\system32\rastls32.exe --> c:\windows\system32\rastls32.exe [?] S2 RegSrvc32;RegSrvc ;c:\windows\system32\gcdef32.exe --> c:\windows\system32\gcdef32.exe [?] S2 VSS32;Volume Shadow Copy ;c:\windows\system32\dlccutil(3)32.exe --> c:\windows\system32\dlccutil(3)32.exe [?] S2 xmlprov32;Network Provisioning Service ;c:\windows\system32\TosSndAPI32.exe --> c:\windows\system32\TosSndAPI32.exe [?] S3 AlteraUSBBlaster;Altera USB-Blaster Device Driver;c:\windows\system32\drivers\usbblstr.sys [9/19/2011 5:11 PM 58960] S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [6/15/2007 8:59 PM 16194] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/1/2010 6:19 PM 136176] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [9/24/2012 4:46 PM 40776] S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [6/3/2009 4:52 PM 120168] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL *NewlyCreated* - WUAUSERV . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Contents of the 'Scheduled Tasks' folder . 2012-09-27 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50] . 2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 22:19] . 2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 22:19] . 2012-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1705149355-52376669-1174297957-1006Core.job - c:\documents and settings\David Colon-Smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-27 22:19] . 2012-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1705149355-52376669-1174297957-1006UA.job - c:\documents and settings\David Colon-Smith\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-27 22:19] . 2012-08-18 c:\windows\Tasks\ParetoLogic Update Version3.job - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-28 21:15] . 2012-09-30 c:\windows\Tasks\User_Feed_Synchronization-{4DBF9887-0447-4DA1-8377-9B6F318E27D7}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31] . 2012-08-18 c:\windows\Tasks\XoftSpySE.job - c:\program files\XoftSpySE\XoftSpy.exe [2007-03-07 23:58] . . ------- Supplementary Scan ------- . uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s TCP: DhcpNameServer = 192.168.1.1 . . ------- File Associations ------- . .scr=AutoCADScriptFile . - - - - ORPHANS REMOVED - - - - . Toolbar-10 - (no file) Toolbar-Locked - (no file) MSConfigStartUp-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe MSConfigStartUp-AOLSPScheduler - c:\program files\Common Files\AOL\1166243950\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1166243950\ee\AOLSoftware.exe MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe MSConfigStartUp-sscRun - c:\program files\Common Files\AOL\1166243950\ee\SSCRun.exe AddRemove-West_Point_Bridge_Designer_2007 - c:\windows\iun6002.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-09-30 02:16 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run MPFEXE = "c:\program files\mcafee.com\personal firewall\MPFTray.exe"???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(772) c:\program files\Intel\Wireless\Bin\LgNotify.dll . - - - - - - - > 'explorer.exe'(3328) c:\windows\system32\WININET.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\xpsp3res.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Intel\Wireless\Bin\WLKeeper.exe c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\altera\91sp2\quartus\bin\jtagserver.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\intersystems\cache\bin\cache.exe c:\program files\mcafee.com\personal firewall\MPFService.exe c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe c:\windows\system32\PSIService.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe c:\windows\stsystra.exe c:\windows\system32\dlcccoms.exe c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe . ************************************************************************** . Completion time: 2012-09-30 02:22:47 - machine was rebooted ComboFix-quarantined-files.txt 2012-09-30 06:22 ComboFix2.txt 2011-04-13 02:14 . Pre-Run: 2,237,669,376 bytes free Post-Run: 4,292,571,136 bytes free . - - End Of File - - D1EBF97A03A820C32D6B9BDF378725DE
- September 30, 2012
- 52 replies
Can't completely remove a virus

cycle1 replied to cycle1's topic in Resolved Malware Removal Logs

Below is the posted log and the URL: # AdwCleaner v2.003 - Logfile created 09/29/2012 at 01:01:36 # Updated 23/09/2012 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : David - DFG1FS91 # Boot Mode : Normal # Running from : C:\Documents and Settings\David Colon-Smith\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint Folder Deleted : C:\Program Files\Windows Savevid Toolbar ***** [Registry] ***** Key Deleted : HKCU\Software\DataMngr Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1 Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1 Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\Software\Viewpoint Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] -\\ Google Chrome v21.0.1180.89 ************************* AdwCleaner[R1].txt - [2281 octets] - [26/09/2012 09:39:29] AdwCleaner[R2].txt - [2341 octets] - [26/09/2012 09:56:22] AdwCleaner[R3].txt - [2401 octets] - [26/09/2012 09:57:36] AdwCleaner[R4].txt - [2281 octets] - [26/09/2012 09:58:27] AdwCleaner[s1].txt - [2681 octets] - [29/09/2012 01:01:36] ########## EOF - C:\AdwCleaner[s1].txt - [2741 octets] ########## https://www.virustotal.com/file/25b18fef62395abb1eb4c17d81d9eb31759f6c5dbaa5cdb192949055d69e3071/analysis/1348895321/
- September 29, 2012
- 52 replies
Can't completely remove a virus

cycle1 replied to cycle1's topic in Resolved Malware Removal Logs

I apologize, here are the files below: # AdwCleaner v2.003 - Logfile created 09/26/2012 at 09:39:29 # Updated 23/09/2012 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : David - DFG1FS91 # Boot Mode : Normal # Running from : C:\Documents and Settings\David Colon-Smith\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\Documents and Settings\All Users\Application Data\boost_interprocess Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint Folder Found : C:\Program Files\Windows Savevid Toolbar ***** [Registry] ***** Key Found : HKCU\Software\DataMngr Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1 Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1 Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Found : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Found : HKLM\Software\Viewpoint Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Google Chrome v21.0.1180.89 ************************* AdwCleaner[R1].txt - [2152 octets] - [26/09/2012 09:39:29] ########## EOF - C:\AdwCleaner[R1].txt - [2212 octets] ########## . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22 Run by David at 10:01:29 on 2012-09-26 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.71 [GMT -4:00] . AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} AV: Trend Micro PC-cillin Internet Security *Disabled/Outdated* {7D2296BC-32CC-4519-917E-52E652474AF5} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe svchost.exe svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe c:\intersystems\cache\bin\cservice.exe C:\Program Files\Java\jre6\bin\jqs.exe c:\altera\91sp2\quartus\bin\jtagserver.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\mcafee.com\personal firewall\MPFService.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe c:\intersystems\cache\bin\cache.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Documents and Settings\David Colon-Smith\My Documents\TomTom HOME 2\TomTomHOMEService.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\Explorer.EXE c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe c:\intersystems\cache\bin\cache.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\InterSystems\Cache\httpd\bin\httpd.exe C:\WINDOWS\stsystra.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\mcafee.com\personal firewall\MPFTray.exe C:\InterSystems\Cache\httpd\bin\httpd.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe C:\Program Files\DellSupport\DSAgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\dlcccoms.exe C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\David Colon-Smith\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\David Colon-Smith\Desktop\adwcleaner.exe C:\Documents and Settings\David Colon-Smith\Desktop\aswMBR.exe C:\WINDOWS\system32\NOTEPAD.EXE . ============== Pseudo HJT Report =============== . uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi0498~1\datamngr\toolbar\searchqudtx.dll TB: !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Google Update] "c:\documents and settings\david colon-smith\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [intelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [MPFEXE] "c:\program files\mcafee.com\personal firewall\MPFTray.exe" mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16 mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe" mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent mRunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "c:\program files\Windows Savevid Toolbar" mRunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "c:\program files\windows savevid toolbar\datamngr\ToolBar" dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t dRunOnce: [RunNarrator] Narrator.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://cruzan2.webex.com/client/T27LB/webex/ieatgpc.cab TCP: DhcpNameServer = 152.3.72.100 152.3.70.100 TCP: Interfaces\{38434B1E-6738-4A86-85C6-579D6B868F8B} : DhcpNameServer = 152.3.72.100 152.3.70.100 Notify: igfxcui - igfxdev.dll Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll AppInit_DLLs: c:\windows\system32\gdi3232.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll . ============= SERVICES / DRIVERS =============== . R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165648] R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2006-12-16 80640] R1 MpKsl30dd1ea7;MpKsl30dd1ea7;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{83757166-bbd5-49ea-b802-834d557fa638}\MpKsl30dd1ea7.sys [2012-9-25 29904] R2 Cache_c-_intersystems_cache;Caché Controller for CACHEWEB;c:\intersystems\cache\bin\cservice.exe [2008-8-18 73728] R2 TomTomHOMEService;TomTomHOMEService;c:\documents and settings\david colon-smith\my documents\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008] R3 CACHEWEBhttpd;Web Server for CACHEWEB;c:\intersystems\cache\httpd\bin\httpd.exe [2008-8-18 20541] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-24 40776] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 Dhcp32;DHCP Client ;c:\windows\system32\gearaspi32.exe --> c:\windows\system32\GEARAspi32.exe [?] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-1 136176] S2 hkmsvc32;Health Key and Certificate Management Service ;c:\windows\system32\cryptdlg32.exe --> c:\windows\system32\cryptdlg32.exe [?] S2 HTTPFilter32;HTTP SSL ;c:\windows\system32\atl7132.exe --> c:\windows\system32\ATL7132.exe [?] S2 lanmanserver32;Server ;c:\windows\system32\postwpp32.exe --> c:\windows\system32\POSTWPP32.exe [?] S2 NetTcpPortSharing32;Net.Tcp Port Sharing Service ;c:\windows\system32\rastls32.exe --> c:\windows\system32\rastls32.exe [?] S2 RegSrvc32;RegSrvc ;c:\windows\system32\gcdef32.exe --> c:\windows\system32\gcdef32.exe [?] S2 VSS32;Volume Shadow Copy ;c:\windows\system32\dlccutil(3)32.exe --> c:\windows\system32\dlccutil(3)32.exe [?] S2 xmlprov32;Network Provisioning Service ;c:\windows\system32\tossndapi32.exe --> c:\windows\system32\TosSndAPI32.exe [?] S3 AlteraUSBBlaster;Altera USB-Blaster Device Driver;c:\windows\system32\drivers\usbblstr.sys [2011-9-19 58960] S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2007-6-15 16194] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-1 136176] S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-12-16 114464] S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\stumbleupon\StumbleUponUpdateService.exe [2009-6-3 120168] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-11 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== File Associations =============== . .scr=AutoCADScriptFile . =============== Created Last 30 ================ . 2072-07-31 22:44:42 375808 ----a-w- c:\program files\microsoft games\halo\binkw32.dll 2012-09-26 02:21:09 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{83757166-bbd5-49ea-b802-834d557fa638}\MpKsl30dd1ea7.sys 2012-09-24 20:46:56 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-09-24 20:46:56 -------- d-----w- c:\documents and settings\david colon-smith\application data\Malwarebytes 2012-09-24 20:46:32 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-09-24 20:46:30 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-24 20:46:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-09-21 11:35:54 -------- d-----w- c:\documents and settings\david colon-smith\application data\McAfee 2012-09-21 11:31:22 75656 ----a-w- c:\windows\system32\MfeOtlkAddin.dll 2012-09-21 11:31:22 23112 ----a-w- c:\windows\system32\MFEOtlk.dll 2012-09-21 11:28:29 -------- d-----w- c:\program files\McAfee . ==================== Find3M ==================== . 2008-04-05 21:01:47 3778594 ----a-w- c:\program files\bluejsetup-221.exe . ============= FINISH: 10:01:45.59 =============== aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-09-26 09:41:40 ----------------------------- 09:41:40.187 OS Version: Windows 5.1.2600 Service Pack 3 09:41:40.187 Number of processors: 1 586 0xD08 09:41:40.187 ComputerName: DFG1FS91 UserName: David 09:41:40.734 Initialize success 09:41:51.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 09:41:51.750 Disk 0 Vendor: Hitachi_HTS721060G9AT00 MC3OA53A Size: 55796MB BusType: 3 09:41:51.765 Disk 0 MBR read successfully 09:41:51.765 Disk 0 MBR scan 09:41:51.765 Disk 0 unknown MBR code 09:41:51.765 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63 09:41:51.781 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 52046 MB offset 96390 09:41:51.812 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3694 MB offset 106687665 09:41:51.812 Disk 0 scanning sectors +114254280 09:41:51.890 Disk 0 scanning C:\WINDOWS\system32\drivers 09:42:02.781 Service scanning 09:42:05.421 Service BVRPMPR5 D:\INSTAL~E\Core\BVRPMPR5.SYS **LOCKED** 21 09:42:12.234 Service MpKsl30dd1ea7 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{83757166-BBD5-49EA-B802-834D557FA638}\MpKsl30dd1ea7.sys **LOCKED** 32 09:42:22.046 Modules scanning 09:42:32.078 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS** 09:42:34.046 Disk 0 trace - called modules: 09:42:34.062 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS 09:42:34.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8710bab8] 09:42:34.078 3 CLASSPNP.SYS[f7687fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x87174d98] 09:42:34.078 Scan finished successfully 09:43:19.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\David Colon-Smith\Desktop\MBR.dat" 09:43:19.484 The log file has been saved successfully to "C:\Documents and Settings\David Colon-Smith\Desktop\aswMBR.txt" Sorry again for attaching them earlier.
- September 26, 2012
- 52 replies
Can't completely remove a virus

cycle1 replied to cycle1's topic in Resolved Malware Removal Logs

I uninstalled both programs, and ran AppRemover (which mentioned no applications). Then I ran all of the programs mentioned, and I saved the requested logs. AdwCleanerR1.txt aswMBR.txt dds.txt
- September 26, 2012
- 52 replies
Can't completely remove a virus

cycle1 replied to cycle1's topic in Resolved Malware Removal Logs

I followed the instructions from the link, and below (and attached) are the logs: Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.07.13 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 David :: DFG1FS91 [administrator] 9/25/2012 6:27:20 PM mbam-log-2012-09-25 (22-03-08).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 291903 Time elapsed: 21 minute(s), Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LANMANSERVER32 (Trojan.Tracur) -> No action taken. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) dds.txt attach.txt
- September 26, 2012
- 52 replies
Can't completely remove a virus

cycle1 replied to cycle1's topic in Resolved Malware Removal Logs

Hi, I ran mbam-clean.exe and restarted my computer. Then I downloaded Malwarebytes from the link in the post above. When it went to update, it gave me the same error. Also, when it started the program, it mentioned that "The Malwarebytes Anti-Malware database is missing or corrupt. Would you like to download a new copy?". When I click yes, it gives me the same updating error mentioned above. I restarted my computer just to see if it would happen again, and it did. Should I download a different copy?
- September 24, 2012
- 52 replies
Can't completely remove a virus

cycle1 replied to cycle1's topic in Resolved Malware Removal Logs

Hi, I ran command prompt as administrator and restarted my computer, however it still gives me the same error. How should I proceed from here?
- September 24, 2012
- 52 replies
Can't completely remove a virus

cycle1 replied to cycle1's topic in Resolved Malware Removal Logs

Hi, Thank you for choosing to help me. Whenever I try to update MBAM, I always get this error: An error has occurred. Please report this issue to our support team (include the content of all error message(s) and code(s) in your submission). PROGRAM_ERROR_UPDATING(0, 0, Invalid argument) Also, I wasn't a paying customer, so I'll assume I can't use services from the help desk. Seeing as I can't update MBAM, should I just run the scan anyway and proceed as you said?
- September 24, 2012
- 52 replies

Events

Profiles

Forums

Everything posted by cycle1

Important Information